<?php 
namespace Admin\Controller;
use Think\Controller;
class LoginController extends Controller{
	//登陆页面
    public function index(){
		$this->display();
    }
    //用户登陆处理表单
    public function login(){  	
    	if(!IS_POST) $this->error("非法操作!");
		$db = M('user');
		$username =I('username');
		$password =I('password','','md5');
		$code = I('verify','','strtolower');
		//判断验证码是否正确
		if($code != session('verify')){
			$data["status"]=0;
			$data["info"] ="验证码错误";
			$this->ajaxReturn($data,'json');
		//	$this->error('验证码错误');
		}
		//判断用户是否存在
		$user = $db->where(array('username'=>$username,'password'=>$password,))->find();
		
		if (!$user) {
			$data["status"]=0;
			$data["info"] ="账号或密码错误";
			$this->ajaxReturn($data,'json');
			//$this->error("账号或密码错误");
		}
		if($user['status'] == '1'){
			$data["status"]=0;
			$data["info"] ="用户被锁定,请联系管理员解锁";
			$this->ajaxReturn($data,'json');
			//$this->error("用户被锁定,请联系管理员解锁");
		}
		//更新数据信息
		$data =array( 
			'id' => $user['id'],
			'logintime' => time(),
			'loginip' => get_client_ip(),
		);	
		$db->save($data); 
		//把用登陆信息存到SESSION
		session(null);
		session(C('USER_AUTH_KEY'),$user['id']);
		session("username",$user['username']);
		session("logintime",date('Y-m-d H:i:s'),$user['logintime']);
		session("loginip",$user['loginip']);
		//超级管理员识别
		if($user['username'] == C('RBAC_SUPERADMIN')){
			session(C('ADMIN_AUTH_KEY'),true);
		}
		
		\Org\Util\Rbac::saveAccessList(); //调用rabc方法 把权限存到session  

		$data["status"]=1;
		$data["info"] ="登陆成功";
		$this->ajaxReturn($data,'json');		
	//	$this->success("登陆成功",__MODULE__);			 
    }

    //验证码
    public function verify(){
    	\Util\Image::verify();
    }	
}
?>